| https://techcrunch.com/2020/11/02/maze-ransomware-group-shutting-down |
| https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html |
| http://www.secureworks.com/research/threat-profiles/gold-village |
| https://adversary.crowdstrike.com/adversary/twisted-spider/ |
| https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel |
| https://analyst1.com/file-assets/RANSOM-MAFIA-ANALYSIS-OF-THE-WORLD%E2%80%99S-FIRST-RANSOMWARE-CARTEL.pdf |
| https://blog.chainalysis.com/reports/ransomware-connections-maze-egregor-suncrypt-doppelpaymer |
| https://blog.minerva-labs.com/egregor-ransomware-an-in-depth-analysis |
| https://blog.redteam.pl/2020/05/sodinokibi-revil-ransomware.html |
| https://blog.sensecy.com/2020/08/20/global-ransomware-attacks-in-2020-the-top-4-vulnerabilities/ |
| https://blog.talosintelligence.com/2019/12/IR-Lessons-Maze.html |
| https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html |
| https://blog.talosintelligence.com/2020/12/quarterly-ir-report-fall-2020-q4.html |
| https://blogs.quickheal.com/maze-ransomware-continues-threat-consumers/ |
| https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf |
| https://cti-league.com/wp-content/uploads/2021/02/CTI-League-Darknet-Report-2021.pdf |
| https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3 |
| https://download.bitdefender.com/resources/files/News/CaseStudies/study/318/Bitdefender-TRR-Whitepaper-Maze-creat4351-en-EN-GenericUse.pdf |
| https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf |
| https://github.com/albertzsigovits/malware-notes/blob/master/Maze.md |
| https://github.com/albertzsigovits/malware-notes/blob/master/Ransomware/Maze.md |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf |
| https://id-ransomware.blogspot.com/2019/05/chacha-ransomware.html |
| https://intel471.com/blog/conti-ransomware-cooperation-maze-lockbit-ragnar-locker |
| https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/ |
| https://ke-la.com/to-attack-or-not-to-attack-targeting-the-healthcare-sector-in-the-underground-ecosystem/ |
| https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/ |
| https://killbit.medium.com/applying-the-diamond-model-to-cognizant-msp-and-maze-ransomware-and-a-policy-assessment-498f01bd723f |
| https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/ |
| https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ |
| https://labs.sentinelone.com/case-study-catching-a-human-operated-maze-ransomware-attack-in-action/ |
| https://labs.sentinelone.com/enter-the-maze-demystifying-an-affiliate-involved-in-maze-snow/ |
| https://media-exp1.licdn.com/dms/document/C4E1FAQHyhJYCWxq5eg/feedshare-document-pdf-analyzed/0?e=1584129600&v=beta&t=9wTDR-mZPDF4ET7ABNgE2ab9g8e9wxQrhXsxI1cSX8U |
| https://nakedsecurity.sophos.com/2020/06/04/nuclear-missile-contractor-hacked-in-maze-ransomware-attack/ |
| https://news.sophos.com/en-us/2020/05/12/maze-ransomware-1-year-counting/ |
| https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/ |
| https://news.sophos.com/en-us/2020/09/22/mtr-casebook-blocking-a-15-million-maze-ransomware-attack/ |
| https://news.sophos.com/en-us/2020/12/08/egregor-ransomware-mazes-heir-apparent/ |
| https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/ |
| https://oag.ca.gov/system/files/Letter%204.pdf |
| https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/ |
| https://research.checkpoint.com/2020/graphology-of-an-exploit-playbit/ |
| https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/543/original/CTIR_casestudy_1.pdf |
| https://securelist.com/maze-ransomware/99137/ |
| https://securelist.com/targeted-ransomware-encrypting-data/99255/ |
| https://securityaffairs.co/wordpress/127826/malware/egregor-sekhmet-decryption-keys.html |
| https://sites.temple.edu/care/ci-rw-attacks/ |
| https://statescoop.com/baltimore-ransomware-crowdstrike-extortion/ |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://techcrunch.com/2020/03/26/chubb-insurance-breach-ransomware/ |
| https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/ |
| https://therecord.media/ransomwhere-project-wants-to-create-a-database-of-past-ransomware-payments/ |
| https://twitter.com/certbund/status/1192756294307995655 |
| https://us-cert.cisa.gov/ncas/alerts/aa20-345a |
| https://web.archive.org/save/https://news.cognizant.com/2020-04-18-cognizant-security-update |
| https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf |
| https://www.accenture.com/us-en/blogs/cyber-defense/evolving-danger-ransomware-extortion |
| https://www.bitdefender.com/files/News/CaseStudies/study/377/Bitdefender-Whitepaper-WMI-creat4871-en-EN-GenericUse.pdf |
| https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/wp-spark-state-of-ransomware.pdf |
| https://www.bleepingcomputer.com/news/security/allied-universal-breached-by-maze-ransomware-stolen-data-leaked/ |
| https://www.bleepingcomputer.com/news/security/chipmaker-maxlinear-reports-data-breach-after-maze-ransomware-attack/ |
| https://www.bleepingcomputer.com/news/security/crytek-confirms-egregor-ransomware-attack-customer-data-theft/ |
| https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/ |
| https://www.bleepingcomputer.com/news/security/data-leak-marketplaces-aim-to-take-over-the-extortion-economy/ |
| https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/ |
| https://www.bleepingcomputer.com/news/security/maze-ransomware-behind-pensacola-cyberattack-1m-ransom-demand/ |
| https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/ |
| https://www.bleepingcomputer.com/news/security/maze-ransomware-now-delivered-by-spelevo-exploit-kit/ |
| https://www.bleepingcomputer.com/news/security/maze-ransomware-now-encrypts-via-virtual-machines-to-evade-detection/ |
| https://www.bleepingcomputer.com/news/security/maze-ransomware-releases-files-stolen-from-city-of-pensacola/ |
| https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/ |
| https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/ |
| https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/ |
| https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/escape-from-the-maze/ |
| https://www.brighttalk.com/webcast/7451/408167/navigating-maze-analysis-of-a-rising-ransomware-threat |
| https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-007/ |
| https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-009/ |
| https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf |
| https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-009.pdf |
| https://www.cityofpensacola.com/DocumentCenter/View/18879/Deloitte-Executive-Summary-PDF |
| https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1 |
| https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/ |
| https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-2/ |
| https://www.crowdstrike.com/blog/maze-ransomware-deobfuscation/ |
| https://www.crowdstrike.com/blog/ransomware-preparedness-a-call-to-action/ |
| https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/ |
| https://www.docdroid.net/dUpPY5s/maze.pdf |
| https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-a-defenders-guide |
| https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html |
| https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html |
| https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html |
| https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/ |
| https://www.mandiant.com/resources/financially-motivated-actors-are-expanding-access-into-ot |
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/csi-evidence-indicators-for-targeted-ransomware-attacks-part-ii/ |
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/ |
| https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/ |
| https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself |
| https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf |
| https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware |
| https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us |
| https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf |
| https://www.secureworks.com/research/threat-profiles/gold-village |
| https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html |
| https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf |
| https://www.telsy.com/wp-content/uploads/Maze_Vaccine.pdf |
| https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html |
| https://www.trendmicro.com/en_us/research/20/l/the-impact-of-modern-ransomware-on-manufacturing-networks.html |
| https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf |
| https://www.zataz.com/cyber-attaque-a-lencontre-des-serveurs-de-bouygues-construction/ |
| https://www.zdnet.com/article/ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox/ |